lib/onebox/engine/image_onebox.rb in onebox-1.9.27.1 vs lib/onebox/engine/image_onebox.rb in onebox-1.9.27.2

@@ -17,10 +17,10 @@
           @url.sub!("https://www.dropbox.com", "https://dl.dropboxusercontent.com")
         end
 
         escaped_url = ::Onebox::Helpers.normalize_url_for_output(@url)
         <<-HTML
-          <a href="#{escaped_url}" target="_blank" class="onebox">
+          <a href="#{escaped_url}" target="_blank" rel="noopener" class="onebox">
             <img src="#{escaped_url}">
           </a>
         HTML
       end
     end